def login(self, db, admin, password):
cursor = db.cursor()
sql = '''
SELECT id, password FROM admin
WHERE admin_login = %s
'''
try:
cursor.execute(sql, (admin, ))
except OperationalError as e:
print(e)
return abort(500)
result = cursor.fetchone()
if not result:
return {'message': 'Admin not exist'}, 401
uid, password_hash = result
check = bcrypt.check_password_hash(password_hash.decode('UTF-8'),
password)
if not check:
return {'message': 'incorrect admin/password combination'}, 401
access_token = create_access_token(identity={
'id': uid,
'role': 'admin'
})
refresh_token = create_refresh_token(identity={
'id': uid,
'role': 'admin'
})
resp_body = {'message': f'admin {admin} ' f'logged in successfully'}
resp = jsonify(resp_body)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
def login():
if current_user.is_authenticated:
flash('You\'re already logged in', 'info')
return redirect(url_for('base.index'))
form = LoginForm()
render_vars = {'page_name': 'Login', 'form': form}
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
remember_me = False
if form.remember_me:
remember_me = True
login_user(user, remember=remember_me)
flash('Welcome back !', 'success')
return redirect(url_for('base.index'))
elif user:
flash('Invalid password.', 'danger')
return render_template('user/login.html', form=form)
else:
flash('Invalid email.', 'danger')
return render_template('user/login.html', form=form)
return render_template('user/login.html', **render_vars)
def post(self):
body = request.get_json()
user = User.query.filter_by(email=body.get('email')).first()
if user and bcrypt.check_password_hash(user.password, body.get('password')):
expires = timedelta(days=7)
access_token = create_access_token(identity=str(user.id), expires_delta=expires)
return {'token': access_token}, 200
return {'error': 'Email or password invalid'}, 401
def authenticate(cls, login, password):
if login is not "" and password is not "":
user = cls.getuserbylogin(login)
if user is not None:
if bcrypt.check_password_hash(user.password, password):
User.update(lastlogindate=DateTime.local2utc(
datetime.now())).where(User.id == user.id).execute()
return user, True
return None, False
def login():
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
# right way to find user with correct password
user = User.query\
.filter(User.username == username) \
.first()
session_cookie = str(uuid.uuid4())
expiry_time = datetime.datetime.now() + datetime.timedelta(
seconds=COOKIE_DURATION)
redirect_url = request.args.get('redirectTo', url_for('main.index'))
if user is None:
flash("Username or password is wrong", "warning")
logging.info(
f"User {username} failed to login with wrong username.")
return redirect(url_for('user.login', redirectTo=redirect_url))
elif not bcrypt.check_password_hash(user.password_hash, password):
flash("Username or password is wrong", "warning")
logging.info(
f"User {username} failed to login with wrong password.")
return redirect(url_for('user.login', redirectTo=redirect_url))
else:
user.session_cookie = session_cookie
user.session_expiry_datetime = expiry_time
db.session.add(user)
db.session.commit()
logging.info(f"User {username} is logged in")
response = make_response(redirect(redirect_url))
response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME,
session_cookie,
httponly=True,
samesite='Strict')
return response
elif request.method == "GET":
cookie = request.cookies.get(WEBSITE_LOGIN_COOKIE_NAME)
user = None
if cookie is not None:
user = User.query \
.filter_by(session_cookie=cookie) \
.filter(User.session_expiry_datetime >= datetime.datetime.now())\
.first()
if user is None:
logged_in = False
else:
logged_in = True
return render_template("login.html", logged_in=logged_in)
def login():
# fetch login credentials
data = request.get_json(force=True)
# find user
user = session.query(User).filter_by(email=data['email']).first()
if not user:
return {"ok": True, "message": "User with email not found"}, 404
if bcrypt.check_password_hash(user.password, data['password']):
token = create_access_token(identity=data['email'])
return jsonify(access_token=token)
return {"ok": True, "message": "Incorrect password"}, 401
def jwt_create():
email = request.form.get('email')
password = request.form.get('password')
user = User.query.filter_by(email=email).first()
# Validate credentials
if not user or not bcrypt.check_password_hash(user.password, password):
return jsonify({'message': 'Invalid username or password'}), 400
else:
jwt_token = create_access_token(identity=user.id)
return jsonify(token=jwt_token), 200
def login(value):
user = user_account.query.filter(
user_account.username == value[0]).first()
if user:
password = bcrypt.check_password_hash(
user.password.encode('utf-8'), value[1].encode('utf-8'))
if password == False:
user = None
return user
def login_post():
email = request.form.get('email')
password = request.form.get('password')
remember = True if request.form.get('remember') else False
user = User.query.filter_by(email=email).first()
# Validate credentials
if not user or not bcrypt.check_password_hash(user.password, password):
flash('Please check your login details and try again.')
return redirect(url_for('auth.login')) # Reload page
# if the above check passes, then we know the user has the right credentials
login_user(user, remember=remember)
return redirect(url_for('main.profile'))
def login():
error = None
form = LoginForm(request.form)
if request.method == 'POST':
if form.validate_on_submit():
if request.form['username'] == 'randall'\
and bcrypt.check_password_hash(
PASSWORD,
request.form['password']
):
session['logged_in'] = True
return redirect(url_for('home_ctrl.home'))
else:
error = 'Invalid credentials'
return render_template('login.html', form=form, error=error)
def post(self):
args = parser.parse_args()
email = args['email']
password = args['password']
user = db.session.query(User).filter_by(email=email).first()
print(user.user_id, "result of user.user_id")
if user is None:
return jsonify(authorization=False)
if bcrypt.check_password_hash(user.password, password):
login_user(user, remember=True)
print(user, "user login")
result = jsonify(isLoggedIn=current_user.is_authenticated,
user=user.as_dict())
else:
result = jsonify(authorization=False)
return result
def post(self):
args = login_parser.parse_args()
if len(args['userid']) > 100:
return {
'message':
'username or email should be '
'less than 100 characters'
}, 400
try:
cursor = mysql.get_db().cursor()
sql = '''
SELECT user.id, password, username FROM user JOIN email
ON user.id = email.user_id
WHERE email.address = %s or user.username = %s
'''
cursor.execute(sql, (args['userid'], args['userid']))
result = cursor.fetchone()
except OperationalError as e:
return error_resp(e)
if not result:
return ({'message': 'incorrect userid/password combination'}, 409)
user_id, password, username = result
if bcrypt.check_password_hash(password.decode('utf-8'),
args['password']):
access_token = create_access_token(identity=user_id)
refresh_token = create_refresh_token(identity=user_id)
resp_body = {
'message': f'username {username} '
f'logged in successfully'
}
resp = jsonify(resp_body)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
return ({'message': 'incorrect userid/password combination'}, 409)
def user_login():
"""
Converts password text to hash string using bcrypt, verifies the
combination against the database and creates a session for user in Flask
:param email:
:param password:
:return: user.todict()
"""
req = request.get_json()
user = (User.query
.filter(User.email == req['email'])
.first()
)
if user is not None:
if bcrypt.check_password_hash(user.password, req['password']):
if user.is_active == False:
return Error("Email not confirmed. Please check your mail",
http_code=403)()
login_user(user)
session.permanent = True
# get all fields except
fields = [c.name for c in User.__table__.c]
fields = filter(
lambda x: x not in ['password', 'is_active', 'type'],
fields)
fields = list(fields)
fields.append("corporate")
fields.append({"corporate": ["tests", "name", "id"]})
json_dict = user.todict(fields)
if json_dict['corporate'] != None:
corporate_id = json_dict['corporate']['id']
CookieHelper.set_corporate_cookie(corporate_id)
return user.todict(fields)
return Error("Invalid Email or Password", 401)()
def change_password():
"""
Allows User to change Password after validating the Old Password. User
must be logged in to be able to do this.
:return: 403 if old password doesn't match, 400 if any error, else 200
"""
req = request.get_json()
try:
user = User.query \
.filter(User.id == current_user.id) \
.filter(User.is_active) \
.one()
if bcrypt.check_password_hash(user.password, req['old_password']):
user.password = bcrypt.generate_password_hash(req['new_password'])
db.session.commit()
return ""
return Error('Invalid Old Password', 403)
except NoResultFound:
return Error('Invalid User', 400)()
def check_password(self, password):
return bcrypt.check_password_hash(self._password, password)
def check_password(self, plaintext):
return bcrypt.check_password_hash(self._password, plaintext)
def check_password(self, password):
return bcrypt.check_password_hash(self._password,
password)
def check_password(self, value):
"""Check password."""
return bcrypt.check_password_hash(self.password, value)
def check_password(self, value):
check = bcrypt.check_password_hash(self.password, value)
return check
def verify_password(self, password):
return bcrypt.check_password_hash(self.password_hash, password)